Medical lab says FTC breach probe forced it to close
LabMD decides to close in the midst of an FTC investigation into a a leak of the persoanl data of some 10,000 people
Computerworld - An Atlanta-based medical laboratory that has been embroiled in a bitter feud with the U.S. Federal Trade Commission over a data breach investigation shut down its operations this week.
In a statement , LabMD CEO Michael Daugherty claimed the FTC's "abuse of power" in pursuing the investigation forced the decision to close the lab.
"The FTC has spent untold taxpayer dollars investigating LabMD, destroying jobs and usurping power over patient information from the U.S. Department of Health and Human Services," Daugherty said.
He accused the FTC of overstepping its authority in going after LabMD and said the agency did not have the Congressional authority to regulate data security practices.
"We are exhausted. When you are a small company you have only that much energy," Daugherty told Computerworld Thursday. Over the past four years, the FTC subpoenaed dozens of LabMD employees, forced its executives fly all over the country for depositions, and subjected the company to numerous requests for information, he said.
In a single day, he said, the federal agency issued 35 subpoenas for 23 simultaneous depositions from executives around the country, he said. "They even wanted depositions with people who left the company several years ago," Daugherty noted.
"It's been an administrative temper tantrum," since 2010 when the FTC first began its investigation, said Daugherty who has published a book describing the episode.
Daugherty's decision to pull the plug on the lab comes just two weeks after an FTC panel rejected a LabMD motion seeking dismissal of the case against, which is now before an FTC administrative panel. About 20 people will lose their jobs when the company winds up operations.
LabMD's battle with the FTC began in 2010 when Tiversa, a provider of peer-to-peer network monitoring services found a 1,719 page billing spreadsheet belonging to the medical lab floating about on a file-sharing network. The LabMD document contained personal information like Social Security Numbers, treatment codes and insurance data on more than 9,000 people.
Tiversa says it discovered the document when conducting research on the inadvertent leakage of sensitive data on P2P networks. The LabMD document was one of thousands of sensitive documents the company found that had leaked on P2P networks during the research effort.
Tiversa's discovery prompted the FTC to launch a broad investigation, asking several companies, including LabMD, whose documents were found on P2P networks, to provide detailed information on data collection, storage and usage practices.
Each of the companies had to provide data on every computer used to collect and store personal information.
Each was also required to provide a "narrative" or a blueprint describing network components in minute detail, down to individual firewalls and routers, and even database tables and field names containing personal data.
The FTC's 12-page Civil Investigative Demand (CID) letter sought details on what each company knew about the leaked data, when they discovered the leaks, why they had allowed P2P software on company systems and what efforts they had taken to inform affected individuals.
In August 2013, after more than two years of discovery, the FTC filed a formal complaint against LabMD alleging that the company had failed to adequately protect sensitive personal data including healthcare information. The complaint alleged that LabMD had exposed data on close to 10,000 consumers in two separate incidents.
Similar administrative action by the FTC have forced numerous companies into costly settlements over the past few years.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts